Dev1 Galaxy Forum / Heads up: X Server exploit CVE-2018-14665

Re: Heads up: X Server exploit CVE-2018-14665

dummy@example.com (Altoid) — Fri, 26 Oct 2018 16:09:46 +0000

Hello:

Ogis1975 wrote:

Security updates for this vulnerability already in the mirrors.

Indeed ...
Saw it not 15' after I posted.
Fast as lightning. =-)

A big Thank You! to the maintainers.

Cheers,

Re: Heads up: X Server exploit CVE-2018-14665

dummy@example.com (Ogis1975) — Fri, 26 Oct 2018 15:06:24 +0000

In any case, I guess a patch/update should be forthcoming soon.

Hello. Security updates for this vulnerability already in the mirrors. Just run

apt update

and

apt upgrade

Heads up: X Server exploit CVE-2018-14665

dummy@example.com (Altoid) — Fri, 26 Oct 2018 01:36:23 +0000

Hello:

I have not seen this posted in the Dev1 forum yet but if it this is the wrong place, please move it as necessary.

A two year old X Server vulnerability has seen the light, reported by Narendra Shinde and Red Hat a couple of days ago, it's CVE-2018-14665.

cve site wrote:

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

Here's an article about it from The Register:

https://www.theregister.co.uk/2018/10/2 … erability/

Here's the cve entry:

https://cve.mitre.org/cgi-bin/cvename.c … 2018-14665

Here's a link to a gitlab post:

https://gitlab.freedesktop.org/xorg/xse … 7c86fe330e

Apparently, it does not affect those of us using a display manager to start an X session, so I guess most of us are covered (?).

In any case, I guess a patch/update should be forthcoming soon.

Cheers,